I have just completed the registration, login and profile portion of my website (localhost only, using XAMPP).
I am just reviewing the session security procedures.
This web link https://wblinks.com/notes/secure-sessio ... ment-tips/ suggested I remove the session ID cookie when I log the person off due to lack of user activity.
The code for the user time-out notice page is below. (The cookie delete is from the page above, but I placed a comment in the code.)
<?php
session_start();
session_unset();
setcookie("sid","",1); // I can't see why this would work since the cookie is on the client machine - should it not be JavaScript doing the delete of the cookie?
session_destroy();
?>
By the way, I found the general Google Chrome cookie directory and it does not seem to be there based upon a date/time sort.
Thanks,
John
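
An added example, not part of John's post or the linked page: an idle-timeout logout that expires the session cookie under the name and attributes PHP actually issued it with. The function name is hypothetical, and the code assumes PHP 7.3 or later and that it runs before any output is sent. PHP's default session cookie name is PHPSESSID, so a hard-coded "sid" only matches if session_name("sid") was set earlier.

```php
<?php
// Hypothetical helper: end the session and tell the browser to drop its cookie.
function end_session_and_expire_cookie(): void
{
    // The session must be open before it can be cleared and destroyed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Clear the session data held in memory for this request.
    $_SESSION = [];

    // The cookie is stored by the browser, so the server cannot delete it
    // directly. setcookie() adds a Set-Cookie response header with an expiry
    // in the past; the browser discards the cookie when it reads that header.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        $options = [
            'expires'  => time() - 42000,   // any time in the past
            'path'     => $p['path'],       // path and domain must match the
            'domain'   => $p['domain'],     // original cookie, or the browser
            'secure'   => $p['secure'],     // treats this as a different cookie
            'httponly' => $p['httponly'],
        ];
        if (!empty($p['samesite'])) {
            $options['samesite'] = $p['samesite'];
        }
        // session_name() returns the real cookie name instead of a guess.
        setcookie(session_name(), '', $options);
    }

    // Remove the session data from server-side storage, so the old ID is
    // useless even if a client keeps sending it.
    session_destroy();
}

end_session_and_expire_cookie();
```

The expired Set-Cookie header can be seen on the time-out page's response in the browser's developer tools (Network tab), and the cookie disappears from the site's cookie list after that response.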